Remove unused dependencies that were only needed for Coves-side DID
generation and key management, which has been delegated to the PDS
in V2.0 architecture.
Changes:
- Remove unused crypto libraries
- Update go.mod and go.sum after dependency cleanup
- Simplify dependency tree
The PDS now handles all cryptographic operations for community DIDs,
reducing our dependency footprint and maintenance burden.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>

Remove Coves-side DID generator in favor of PDS-managed DID generation.
Removed Files:
- internal/atproto/did/generator.go
- internal/atproto/did/generator_test.go
Rationale:
V2.0 architecture delegates all DID and key management to the PDS for:
- Bluesky PDS cannot handle record imports created outside the PDS.
- No complex cryptography
- Standard atProto compliance (PDS owns community identity)
The PDS now handles:
- DID generation (did:plc format)
- Signing key generation and storage
- Rotation key generation and storage
- PLC directory registration
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>

Add Docker Compose profile for running a local PLC directory server,
enabling E2E tests without polluting production plc.directory.
Changes:
- Add postgres-plc service (port 5436) for PLC directory database
- Add plc-directory service (port 3002) running did-method-plc
- Add 'plc' profile for optional PLC directory startup
- Update Makefile with PLC directory targets
Usage:
docker-compose --profile plc up postgres-plc plc-directory
PLC_DIRECTORY_URL=http://localhost:3002 go test ./tests/integration/...
Benefits:
- Isolated dev environment for DID registration testing
- No pollution of production PLC directory
- Faster E2E tests (no external network calls)
- Enables testing of full community provisioning flow locally
This supports V2.0 architecture where communities get PDS-managed DIDs
that should be registered with a PLC directory.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>

Update all existing community tests to align with V2.0 changes:
- Replace password hash fields with encrypted password fields
- Remove DID generator mocks and dependencies
- Update test data structures for PDS-managed keys
- Fix assertions for new community provisioning flow
Modified Test Files:
- community_consumer_test.go: Update Jetstream consumer tests
- community_credentials_test.go: Update credential validation tests
- community_e2e_test.go: Update end-to-end workflow tests
- community_repo_test.go: Update repository layer tests
- user_test.go: Add helper functions for test DIDs
- community_service_test.go: Update service layer unit tests
Breaking Changes:
- Communities no longer have Coves-generated DIDs
- Password field is now encrypted, not hashed
- Service constructors simplified (no DID generator)
All tests pass with new V2.0 architecture.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>

Add comprehensive integration tests for V2.0 community provisioning
with encrypted passwords and PDS-managed key generation.
New Test Files:
- community_provisioning_test.go: Password encryption/decryption validation
- community_service_integration_test.go: E2E PDS account creation tests
Test Coverage:
- Password encryption and decryption correctness
- Plaintext password recovery after storage
- PDS account creation with real PDS instance
- DID and handle generation by PDS
- Credential persistence and recovery
These tests verify the critical V2.0 fix: passwords are encrypted
(not hashed) to enable session recovery when access tokens expire.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>

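The commit above describes storing community passwords encrypted rather than hashed so the plaintext can be recovered for a new PDS session. The following is an added example, not code from the Coves repository: the log does not name a cipher, so AES-256-GCM, the nonce-prefixed blob layout, and binding the community DID as associated data are assumptions, as are the function names and the constructed sample key, DIDs and password.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

func newAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key) // a 32-byte key selects AES-256
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// sealPassword encrypts a password; the DID is authenticated but not encrypted.
func sealPassword(key []byte, did, password string) ([]byte, error) {
	aead, err := newAEAD(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil { // fresh random nonce per record
		return nil, err
	}
	return aead.Seal(nonce, nonce, []byte(password), []byte(did)), nil // nonce || ct || tag
}

// openPassword recovers the plaintext; it fails if the blob or the DID was altered.
func openPassword(key []byte, did string, blob []byte) (string, error) {
	aead, err := newAEAD(key)
	if err != nil {
		return "", err
	}
	n := aead.NonceSize()
	if len(blob) < n {
		return "", fmt.Errorf("ciphertext too short: %d bytes", len(blob))
	}
	pt, err := aead.Open(nil, blob[:n], blob[n:], []byte(did))
	return string(pt), err
}

func main() {
	key := []byte("0123456789abcdef0123456789abcdef") // constructed 32-byte sample key
	blob, _ := sealPassword(key, "did:plc:sample1", "constructed-password")
	fmt.Println(openPassword(key, "did:plc:sample1", blob)) // round trip succeeds
	fmt.Println(openPassword(key, "did:plc:sample2", blob)) // other DID: auth failure
}
```

Unlike a hash, this makes the encryption key the single secret protecting every stored password, so it belongs in a secret store separate from the database that holds the ciphertexts.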
Update CommunityService and server initialization to remove Coves-side
DID generation. V2.0 architecture delegates all DID and key management
to the PDS for simplicity and faster shipping.
Service Layer Changes:
- Remove didGenerator parameter from NewCommunityService
- PDS provisioner handles account creation and receives DID from PDS
- Simplified service constructor signature
Server Initialization Changes:
- Remove DID generator initialization
- Simplify PDS provisioner creation (no userService needed)
- Add comprehensive logging for dev vs production modes
- Unify PLC directory URL configuration for identity resolver
- Ensure dev mode uses local PLC directory for E2E testing
Configuration:
- IS_DEV_ENV=true: Use local PLC directory for both creation and resolution
- IS_DEV_ENV=false: Use production PLC or IDENTITY_PLC_URL override
This change prepares for V2.0 where communities are fully PDS-native entities.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>